- What is this?
- This is a product information page, containing details of the information that BMC Atrium Discovery gathers about a product and how it is obtained.
- Release
- TKU 2011-Jun-1
Product Description
Apache HTTP Server
Apache HTTP Server is an extensible, efficient and secure HTTP server conforming to the HTTP standards. It is available on a large number of platforms, including most Unix platforms, Windows, Mac OS X and NetWare.
Apache is developed and maintained by an open community of developers, the Apache Software Foundation.
Due to the extensible nature of Apache HTTP Server and its Open Source license, it has been taken and used as the base for a number of other Web server products, including IBM HTTP Server and Oracle HTTP Server.
In Foundation 6.x all of the Apache based web servers were stored as separate matchers. Thanks to the additional functionality offered by Foundation 7.0, we are now able to create all of the Software Instances for these products from within a single pattern, reducing the overall number of patterns and the risk of cross matching with similar patterns.
IBM HTTP Server
The IBM HTTP Server is a simple Web HTTP hosting server. It is based on the Apache Web Server provided by the Apache Group and has been extended to include a number of additional features that are not found as standard in the normal Apache distribution or cannot be added at all.
At a high level, the main additional features found in IBM HTTP Server are:
- Threading - IBM HTTP Server 2.0.x is compiled multi-threaded, which is optional in the Open Source version; this can cause issues with some non-thread-safe PHP extensions.
- SSL - IBM HTTP Server contains SSL support built-in with IBM's GSKit Library.
- LDAP - IBM HTTP Server can access an LDAP Server to obtain user and group authentication for the Webserver.
- FastCache - IBM HTTP Server contains two enhancements to improve performance. The first is a caching system on Windows and AIX which improves response times by caching pages into kernel memory for quick access.
- FastCGI - The second enhancement IBM HTTP Server contains to improve performance is built-in FastCGI support, an open extension to CGI that defines a protocol to talk to persistent CGI programs via a socket.
- Installation - IBM HTTP Server uses a Java installation process that is standard across all platforms and compatible with the SUN and GNU Java VMs; as such there is only one distribution package.
- Source Code - IBM does not ship the source code for IBM HTTP Server, just the binaries; as such it has a dual license requirement, one for the Apache part of the software and the other for the IBM part.
Oracle HTTP Server
The Oracle HTTP Server is a simple Web HTTP hosting server. It is based on the Apache Web Server provided by the Apache Group and has been extended to include a number of additional modules that enable advanced functionality specific to Oracle based Databases and Application Servers.
The Oracle specific enhancements that have been included as part of the application are:
- mod_dms - This module enables you to monitor performance of site components with Oracle's Dynamic Monitoring Service (DMS).
- mod_onsint - This module provides integration support with Oracle Notification Service (ONS) and OPMN (Oracle Process Manager and Notification Server).
- mod_ossl - This module enables strong cryptography for Oracle HTTP Server.
- mod_plsql - This module connects the Oracle HTTP Server to an Oracle database, enabling you to create Web applications using Oracle stored procedures.
HP HP-UX Apache-Based Web Server
HP-UX Apache-based Web Server is a total solution for web server deployment. The Open Source Apache Web Server 2.0 software developed by the Apache Software Foundation serves as the base for the HP-UX Apache-based Web Server. In addition to the base HTTP server, HP has combined numerous popular modules from other Open Source projects as well as provided HP value-added features just for the HP-UX platform.
- Apache Web Server 2.0.43 from ASF, built with worker Multi-Processing Module (MPM)
- Modules statically included: core, http_core, mod_so, worker
- Other standard modules dynamically included: mod_access, mod_actions, mod_alias, mod_asis, mod_auth, mod_auth_anon, mod_auth_dbm, mod_auth_digest, mod_autoindex, mod_cache, mod_cache_filter, mod_cache_filter_in, mod_cern_meta, mod_cgi, mod_cgid, mod_charset_lite, mod_dav, mod_dav_fs, mod_deflate, mod_dir, mod_disk_cache, mod_env, mod_expires, mod_ext_filter, mod_file_cache, mod_headers, mod_imap, mod_include, mod_info, mod_log_config, mod_mem_cache, mod_mime, mod_mime_magic, mod_negotiation, mod_proxy, mod_proxy_connect, mod_proxy_ftp, mod_proxy_http, mod_rewrite, mod_setenvif, mod_speling, mod_ssl, mod_status, mod_unique_id, mod_userdir, mod_usertrack, mod_vhost_alias
mod_deflate provides a filter to compress content from your server before sending it to the client. It can also decompress a gzip-compressed request body.
mod_suexec allows CGI and SSI programs to run under user IDs different from the user ID of the web server.
Known Versions
Apache HTTP Server
- 1.3.19-37
- 2.0.40-59
- 2.2.0-2.2.17
IBM HTTP Server
IBM has followed an inconsistent versioning standard for its HTTP server: it followed the Apache numbering system until 2004, when it started following the WebSphere numbering system.
- 1.3.19-37
- 2.0.40-59
- 6.0.0 (December 2004)
- 6.0.1
- 6.0.2
- 6.1.0
- 7.0.0
Oracle HTTP Server
All the evidence we have suggests that Oracle follow the standard Apache Version numbering system.
- 1.3.19-37
- 2.0.40-59
- 2.2.0-2.2.4
HP Apache-Based Web Server
- 1.3.26.00
- 1.3.27.00
- 2.0.39.00
- 2.0.42.00
- 2.0.43.00
- 2.0.55.00
HP-UX Apache-Based Web Server
- 1.0.01.01
- 1.0.05.01
- 1.0.06.01
- 1.0.07.01
- 2.0.48.00
- 2.0.59.07.02
- 2.0.59.15
- 2.2.8.01.01
- 2.2.8.09
Software Pattern Summary
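| Product Component | Pattern | OS Type | Versioning | Pattern Depth |
|---|---|---|---|---|
| Apache HTTP Server | ApacheBasedWebserver | Unix | Active, Path and Package | Instance-based |
| Apache HTTP Server | ApacheBasedWebserver | Windows | Active, Path and Package | Instance-based |
| IBM HTTP Server | ApacheBasedWebserver | Unix | Active, Path and Package | Instance-based |
| IBM HTTP Server | ApacheBasedWebserver | Windows | Active, Path and Package | Instance-based |
| Oracle HTTP Server | ApacheBasedWebserver | Unix | Path | Instance-based |
| Oracle HTTP Server | ApacheBasedWebserver | Windows | Path | Instance-based |
| HP Apache-Based Web Server | ApacheBasedWebserver | Unix | Active | Instance-based |
| HP-UX Apache-Based Web Server | ApacheBasedWebserver | Unix | Active | Instance-based |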
Platforms Supported by the Pattern
The pattern supports identification and versioning of all Apache based webservers on all major platforms - Unix, Linux and Windows.
Identification
The products are broad in nature: three different products can use the same binary to provide a service, the same binary can be found in a number of different forms with different names, and the product sometimes forks a separate process that could be named the same as its parent. We have therefore chosen to have a number of different triggers for the pattern. Once the pattern is triggered, we perform some additional checks that allow us to understand what the process is doing and which product it represents.
Software Instance Triggers
If any of the trigger conditions below are met then execution of the pattern's body will commence.
Trigger Node: DiscoveredProcess. Attribute: cmd. Condition: matches. Argument: any one of the following:
- regex'\bhttpd$'
- regex'\bhttpd\d$'
- regex'\bhttpd[-_\.](?:prefork|worker)$'
- regex'\bhttpd\d[-_\.](?:prefork|worker)$'
- regex'(?i)\bhttpd\.exe$'
- regex'(?i)\bapache[2]?(?:\.exe)?$'
Simple Identification Mappings
For each name, the list gives the regular expressions that cmd matches. The args matches column is N/A unless stated.
Apache Webserver:
- regex'\bapache[^ ]*/(sbin|bin)/[^ ]*\bhttpd$'
- regex'\bapps/apache[^ ]*/(sbin|bin)/httpd$'
Apache / Apache Variant Webserver:
- regex'/usr/sbin/httpd$'
- regex'\bapache[^ ]*/(sbin|bin)/[^ ]*\bhttpd[-_]prefork$'
- regex'/usr/sbin/httpd[-_\.](prefork|worker)$'
- regex'/usr/sbin/httpd\d$'
- regex'/usr/sbin/httpd\d[-_\.](prefork|worker)$'
- regex'(?i)\bapache\.exe$'
- regex'(?i)\bhttpd\.exe$'
- regex'\bbin/httpd$', with args matches regex'^.*-(d|f) *[^ ]*/apache\b'
Apache Monitor (Windows):
- regex'(?i)\bApacheMonitor\.exe$'
Apache Rotatelogs Process:
- regex'(?i)\brotatelogs\.exe$'
- regex'(?i)\brotatelogs$'
Oracle HTTP Server (Apache Variant):
- regex'/(orcl|ora[^/]*)/[^ ]*/Apache/Apache/bin/httpd$'
- regex'(?i)(orcl|ora[^\\]*)\\.*\bApache\\Apache\\Apache\.exe$'
IBM HTTP Webserver (Apache Variant):
- regex'\bIBM(HTTPD|IHS)[^ ]*/bin/httpd$'
- regex'\bIBM.*([H|h][Tt][Tt][Pp]|IHS).*\b[^ ]*/bin/httpd$'
- regex'[Ii][Hh][Ss][^ ]*/bin/httpd$'
- regex'\bibmhttpd\b[^ ]*/bin/httpd$'
- regex'\bHTTPServer\b[^ ]*/bin/httpd$'
- regex'(?i)\bIBM.*(HTT|IHS).*\b(apache|httpd).exe$'
- regex'(?i)[i][h][s].*\b(apache|httpd).exe$'
- regex'(?i)ibmhttpd.*\b(apache|httpd).exe$'
- regex'(?i)\bHTTP[ ]*Server.*\b(apache|httpd).exe$'
Versioning
Version information for this product can be gathered using one of three possible methods.
Active Versioning
For all active version commands we first perform a check to ensure that we have a full command path before executing a command or parsing a binary file.
| Check | Regex |
|---|---|
| Regex used to check Windows path | (\w:\\.+)\\.+\.exe$ |
| Regex used to check Unix path | (^/.+)/.+ |
We have identified two different ways to version these products: one for all Apache based Webservers, the other specifically for the IBM HTTP Server.
Before we execute the specific command we check the path of the command to see if it is a known IBM deployment. More information on how the check is performed can be found in the Publisher and Type Identification section, and the list of regular expressions we use to check the path can be found within the IBM section of it.
IBM Specific Version Command
If the path identifies that the webserver we are dealing with is an instance of IBM HTTP Server we then perform the IBM Specific version command.
Windows
The command that is executed on Windows involves performing a find for the string '\"HTTP\"' in a file called "version.signature" which can be found in the directory above the location of the HTTP binary.
Executed command: FIND \"HTTP\" %cmd_path%\..\version.signature
Unix
The command that is executed on Unix involves performing a grep for the string 'HTTP' on a file called "version.signature" which can be found in the directory above the location of the HTTP binary.
Executed command: cd %cmd_path%; grep "HTTP" ../version.signature
Generic Apache Version Command
Unix
On Unix based systems we extract the version number of the HTTP server by parsing the binary that we triggered on using the strings command.
Executed command: strings %process.cmd% | grep "Apache/" | head -n 1
The command returns the first line within the binary file that contains the string "Apache/". As the version information for Apache is stored as "Apache/x.x.x.x", we can be confident that the first instance of this string contains a valid version number.
For instances of Oracle HTTP Server prior to Oracle 10g releases and for HP Apache-based Web Server, the binary still contains the Apache information, because Oracle HTTP Server and HP Apache-based Web Server are simply Apache repackaged with an additional set of modules.
Windows
If the path was not identified as an IBM HTTP Server deployment then a more generic command is executed: we run the triggered process with the argument "-version".
Executed command: "%process.cmd%" -version
Note: The executable is run with quotes to get round the issue of running commands with spaces in the path under DOS/Windows CLI.
We have found that all of the approaches provide a version number up to four levels of depth, i.e. x.x.x.x.
Oracle HTTP Server Version Command
For Oracle HTTP Server from Oracle 10g onwards we get version information by executing the trigger process with the argument "-version". The versions returned are now based on Oracle versioning and no longer on Apache versions.
Executed command: "%process.cmd%" -version
Parsing of the Version Command Output
Because multiple Versioning Commands may be run (Generic Command and Oracle Command), we store all the results in a list, which may contain 1 to 2 elements. We then iterate through that list and parse each result through a series of Regular Expressions, stopping when we find a match.
Regular Expressions employed to obtain Version (in the following order):
- Apache/(\d+(?:\.\d+)*)
- Server\s+(\d+(?:\.\d+)*)
- (\d+(?:\.\d+)*)\s+Oracle-HTTP-Server
- HP Apache-based Web Server/(\d+(?:\.\d+)*)
- HP-UX_Apache-based_Web_Server/(\d+(?:\.\d+)*)
Path Versioning
If the Active Version Command does not return any version or publisher information then we attempt to parse the full command path against a regex to see if we can identify the publisher and/or version of the product.
As the pattern identifies multiple products from a single binary, we have to ensure that any regex we use is specific to the actual product we are identifying; as such we use different regular expressions against the path.
Path Regexes:
- (?i)apache(?:_|/|-|\.|\\|)(\d(?:\.\d+)?(?:\.\d+)?(?:\-\d+)?)
- (?i)/ihs\[-_\]?(?:(\d(?:\.\d+)?(?:\.\d+)?(?:\-\d+)?))
- (?i)(\d+(?:\.\d+)*)[/\\]Apache
An additional processing technique is then used on the resulting value to normalise the version so that it is separated using periods rather than - or _.
Depending on the deployment of the product we have found that this approach provides a version number between one and four levels of depth, i.e. x through to x.x.x.x, and can sometimes include a separate build number as well.
Package Versioning
If neither the Active Command nor the Path regex returns any version information then we check the installed packages to see if we can extract version information from one of them.
Package Regular expressions:
- ^httpd$
- ^SUNWapchr$
- ^SUNWapch2r$
- ^SUNWapchu$
- ^SUNWapch2u$
- ^COVLapache
- ^apache2$
If a single package is returned then the version number is taken from it and assigned to the Software Instance.
Where multiple packages are returned they are checked against a pre-defined preference list and the most 'trusted' package is used to version the Software Instance.
Package Preference:
- httpd
- SUNWapchr
- SUNWapch2r
- SUNWapchu
- SUNWapch2u
- COVLapache
- apache2
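The three-stage fallback described in the Versioning sections above (active command output, then path, then packages), written out as an added Python example; it is not the pattern's own code. The regexes are copied from the page, while the function names and sample inputs are constructed; trying the path regexes in listed order is an assumption, and the second path regex is assumed to use the character class [-_] where the page prints backslash-escaped brackets.

```python
import re

# Ordered regexes from "Parsing of the Version Command Output"; first match wins.
VERSION_REGEXES = [
    r"Apache/(\d+(?:\.\d+)*)",
    r"Server\s+(\d+(?:\.\d+)*)",
    r"(\d+(?:\.\d+)*)\s+Oracle-HTTP-Server",
    r"HP Apache-based Web Server/(\d+(?:\.\d+)*)",
    r"HP-UX_Apache-based_Web_Server/(\d+(?:\.\d+)*)",
]

# Path regexes from "Path Versioning". Assumption: the page prints the second
# one with backslash-escaped brackets; it is treated here as the class [-_].
PATH_REGEXES = [
    r"(?i)apache(?:_|/|-|\.|\\|)(\d(?:\.\d+)?(?:\.\d+)?(?:\-\d+)?)",
    r"(?i)/ihs[-_]?(?:(\d(?:\.\d+)?(?:\.\d+)?(?:\-\d+)?))",
    r"(?i)(\d+(?:\.\d+)*)[/\\]Apache",
]

# Package regexes, already in the page's preference order.
PACKAGE_REGEXES = [r"^httpd$", r"^SUNWapchr$", r"^SUNWapch2r$", r"^SUNWapchu$",
                   r"^SUNWapch2u$", r"^COVLapache", r"^apache2$"]


def version_from_output(outputs):
    """Active versioning: walk each command output through the ordered regexes."""
    for output in outputs:
        for rx in VERSION_REGEXES:
            m = re.search(rx, output)
            if m:
                return m.group(1)
    return None


def version_from_path(cmd_path):
    """Path versioning: first matching regex, then normalise - and _ to periods."""
    for rx in PATH_REGEXES:
        m = re.search(rx, cmd_path)
        if m:
            return re.sub(r"[-_]", ".", m.group(1))
    return None


def version_from_packages(packages):
    """Package versioning: the most preferred matching package supplies the version."""
    for rx in PACKAGE_REGEXES:
        for name, version in packages:
            if re.search(rx, name):
                return version
    return None


def resolve_version(outputs, cmd_path, packages):
    """Return (version, method) using the page's fallback order, or (None, None)."""
    for method, value in (("active", version_from_output(outputs)),
                          ("path", version_from_path(cmd_path)),
                          ("package", version_from_packages(packages))):
        if value:
            return value, method
    return None, None
```

Recording the method alongside the version shows how much trust a given value deserves: a version read from the binary or a command is direct evidence, while a path-derived one only reflects how the installation directory was named.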
Alternative Versioning Approach
From the information we have, we believe that the versioning techniques we are using are accurate enough to be considered the best options for the current releases; future releases may need to have additional techniques added to cover unforeseen circumstances or new features.
Future Considerations
The current versioning techniques provide broad scope and good depth in the majority of circumstances; as such we do not know of any further versioning techniques that would be beneficial for this product at this time.
The versioning techniques may need to be updated in the future if more commands become available or new/different packages are used during the installation.
Publisher and Type Identification
As mentioned above, this pattern identifies and creates Software Instances for multiple products. The logic it uses to identify the specific product is as follows.
We perform both checks where possible to ensure we are capturing and presenting the correct information to the user.
Command Based Identification
In addition to version information we can also retrieve the publisher from the Active Versioning Command. To do this we parse the executed command's output with a simple regex to identify whether IBM, Apache or Oracle was found in the output.
The same information is presented on both types of Operating Systems (Unix and Windows) in the same format, so we can use a single regex for both of them.
Publisher Regex: (?i)(ibm|hp-ux|hp|apache|oracle)
Path Based Identification
Once we have completed all of the versioning techniques we check each of the paths to see if it contains any information on the publisher of the product.
To perform these checks we build up a list of known regular expressions for each of the products, so we have one list for Apache, one list for IBM and one list for Oracle. We then iterate over these lists in sequence: if the path matches one of the known regular expressions we create the appropriate attribute and exit; if none of the regular expressions in a list match the command's path we move on to the next list.
The list of path regular expressions and the order they are checked in is as follows.
Oracle HTTP Server Path Identification
The Oracle HTTP Server list is checked first as it is the most generic of the re-bundled HTTP servers: there are no uniquely identifying characteristics apart from the path that can be used to identify an instance of Oracle HTTP Server.
Identification Regexes:
- /(?:orcl|ora[^/]*)/[^ ]*/Apache
- (?i)(?:orcl|ora[^\\]*)\\.*\bApache
IBM HTTP Server Path Identification
The IBM HTTP Server list is the second one to be checked.
Identification Regexes:
- (?i)IBM(HTTPD|IHS)
- \b[Ii][Bb][Mm].*([H|h][Tt][Tt][Pp]|IHS)
- (?i)ihs
Apache HTTP Server Path Identification
The Apache HTTP Server list is the final one to be checked.
Identification Regexes:
- \bapache[^ ]*/(?:sbin|bin)/[^ ]*\bhttpd$
- \bapps/apache[^ ]*/(?:sbin|bin)/httpd$
- /usr/sbin/httpd$
- \bapache[^ ]*/(?:sbin|bin)/[^ ]*\bhttpd[-_]prefork$
- /usr/sbin/httpd[-_\.](?:prefork|worker)$
- /usr/sbin/httpd\d$
- (?i)\\apache\.exe$
- (?i)\\httpd\.exe$
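The ordered path check described above, as an added Python example that is not the pattern's own code. The regexes and their order come from the page; the function names and the sample command paths are constructed, and the type labels reuse the page's product names. It also reports which other lists would have matched, which shows why the Oracle list has to be consulted before the Apache one.

```python
import re

# Path lists in the order the page checks them: Oracle, then IBM, then Apache.
# Regexes are copied from the page; the type labels reuse its product names.
PUBLISHER_PATH_LISTS = [
    ("Oracle HTTP Server", [
        r"/(?:orcl|ora[^/]*)/[^ ]*/Apache",
        r"(?i)(?:orcl|ora[^\\]*)\\.*\bApache",
    ]),
    ("IBM HTTP Server", [
        r"(?i)IBM(HTTPD|IHS)",
        r"\b[Ii][Bb][Mm].*([H|h][Tt][Tt][Pp]|IHS)",
        r"(?i)ihs",
    ]),
    ("Apache HTTP Server", [
        r"\bapache[^ ]*/(?:sbin|bin)/[^ ]*\bhttpd$",
        r"\bapps/apache[^ ]*/(?:sbin|bin)/httpd$",
        r"/usr/sbin/httpd$",
        r"\bapache[^ ]*/(?:sbin|bin)/[^ ]*\bhttpd[-_]prefork$",
        r"/usr/sbin/httpd[-_\.](?:prefork|worker)$",
        r"/usr/sbin/httpd\d$",
        r"(?i)\\apache\.exe$",
        r"(?i)\\httpd\.exe$",
    ]),
]


def matching_types(cmd_path):
    """Every (type, regex) pair whose regex matches, in list order."""
    return [(si_type, rx)
            for si_type, regexes in PUBLISHER_PATH_LISTS
            for rx in regexes
            if re.search(rx, cmd_path)]


def identify(cmd_path):
    """First match wins, mirroring 'create the appropriate attribute and exit'."""
    hits = matching_types(cmd_path)
    return hits[0] if hits else (None, None)


# Constructed command paths: one per product plus an unrelated binary.
SAMPLES = [
    r"C:\oracle\ora92\Apache\Apache\Apache.exe",
    "/u01/oracle/product/10.1.3/Apache/Apache/bin/httpd",
    "/opt/IBM/HTTPServer/bin/httpd",
    "/usr/local/apache2/bin/httpd",
    "/usr/sbin/nginx",
]

if __name__ == "__main__":
    for path in SAMPLES:
        si_type, rx = identify(path)
        also = sorted({t for t, _ in matching_types(path)} - {si_type})
        print(f"{path!r}: {si_type} via {rx!r}; other lists matching: {also}")
```

Returning the regex that fired alongside the type gives an operator something to audit when an instance in the inventory carries an unexpected publisher.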
Application Model Produced by Software Pattern
Product Architecture
The webserver may be installed both as standalone as well as being included as a component of other business applications.
Single or multiple instances of the webserver could be running on a specific host, this is dictated by platform and configuration.
On Linux/Unix it is more common to find a forking instance of the webserver: it is started with a single httpd process, which then forks a number of children to assist in the handling of HTTP requests.
On Windows it is more common to have a single process that manages all requests internally.
A single instance of the webserver can host more than one website at a single time using virtual hosts.
Software Pattern Model
The pattern is triggered on all processes that match the specified regular expressions; this will result in the pattern being triggered a number of times equal to the number of Apache based webserver processes running on a single host - not ideal where the running instance has forked children.
To ensure that only a single Software Instance is created for each truly unique running instance of the webserver, a further check is then made to ensure that the pattern continues only if the process is the parent process - if it is a child process, then the pattern stops.
The added advantage of performing this check is that it ensures that the commands are only executed when we are sure that we have a unique instance - making the pattern more efficient and saving time when scanning.
Thanks to this functionality and the multi step commands, we are able to create a Deep Software Instance.
As mentioned above, a check is performed to ensure that the process is a distinct webserver parent process. The additional information that is then used by the pattern to create a unique key is the arguments of the process.
When an Apache based webserver is started it either uses a default configuration or has a specific configuration set using the arguments. Using the '-f' and/or '-d' arguments you can identify the specific configuration of the webserver. The -f argument is used to identify a Config File, whereas the -d argument is used to identify the ServerRoot. When present, each argument is added as an attribute to the SI.
The Pattern also creates different Software Instances based on the information it has retrieved from the commands and/or path it queried.
The Software Instance Type is based on the returned publisher, so if 'IBM' was returned by a version command or was in the path then the Type would be set to "IBM HTTP Server". This information is also used in the key to create distinct Software Instances for each type of webserver running on a specific host.
SI Depth
The pattern creates an Instance-based Software Instance, its key being based on:
- afh (hash value for the string derived from the unique component - configuration file name and the process command-line), type (a string retrieved from the Products table based on the publisher's name) and host key
or
- trigger process command-line and version.
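How the parent check and key described above collapse forked httpd children into one Software Instance per running webserver, as an added Python example that is not the pattern's own code. The process table is constructed; treating a process whose parent runs the same binary as a child, the option-parsing regex, and SHA-256 as the hash behind afh are all assumptions.

```python
import hashlib
import re

# Constructed process table: (pid, ppid, cmd, args). One forking httpd with two
# children, plus a second instance started with its own config and ServerRoot.
PROCESSES = [
    (100, 1, "/usr/sbin/httpd", "-k start"),
    (101, 100, "/usr/sbin/httpd", "-k start"),
    (102, 100, "/usr/sbin/httpd", "-k start"),
    (200, 1, "/usr/sbin/httpd", "-f /etc/httpd/conf/intranet.conf -d /srv/intranet"),
    (201, 200, "/usr/sbin/httpd", "-f /etc/httpd/conf/intranet.conf -d /srv/intranet"),
]


def option(args, flag):
    """Value of a single-letter option such as -f or -d, or None when absent."""
    m = re.search(r"(?:^|\s)-" + re.escape(flag) + r"\s*(\S+)", args)
    return m.group(1) if m else None


def software_instances(processes, si_type, host_key):
    """One record per parent process; forked children are attached, not duplicated."""
    by_pid = {pid: (cmd, args) for pid, _ppid, cmd, args in processes}
    instances = {}
    for pid, ppid, cmd, args in processes:
        parent = by_pid.get(ppid)
        if parent and parent[0] == cmd:
            continue  # assumption: same binary as its parent means a forked child
        config_file = option(args, "f")
        # Stand-in for the page's "afh" hash; SHA-256 is an assumption.
        afh = hashlib.sha256(f"{config_file}|{cmd} {args}".encode()).hexdigest()[:16]
        instances[pid] = {
            "key": f"{afh}/{si_type}/{host_key}",
            "config_file": config_file,
            "server_root": option(args, "d"),
            "children": [],
        }
    # Second pass: relate each remaining process to the parent that produced it.
    for pid, ppid, _cmd, _args in processes:
        if ppid in instances and pid not in instances:
            instances[ppid]["children"].append(pid)
    return instances


if __name__ == "__main__":
    for pid, si in software_instances(PROCESSES, "Apache HTTP Server", "host-1").items():
        print(pid, si)
```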
Relationships Creation
Oracle e-Business
In the case that we are dealing with the Oracle HTTP Server, the pattern works on establishing a Relationship with Oracle E-Business Suite.
While the pattern doesn't actually model a Relationship with Oracle E-Business Suite, it creates the grounds on which the Relationship is based, by modeling the ebs_sid attribute.
This attribute is added to the Web Server SI, and represents the Database SID that E-Business Suite is working with.
In order to obtain it, the pattern extracts the contents of the -f Config File (either httpd.conf or httpd_pls.conf), and parses its content through a Regular Expression.
Regular Expression employed to extract Database SID: (?i)DocumentRoot *.+portal[/\\](.+)_
The ebs_sid attribute is going to be looked for by the Oracle E-Business Suite Pattern, in order to model a Relationship with the Web Server.
Associate processes
The pattern identifies all the child processes of the trigger process that created the SI and relates them to the SI via an associate relationship.
Future Considerations
In the future we will be looking at identifying the port(s) that the webserver is listening on and add them as attributes to the Software Instance.
We will also see if we can identify the website that is being hosted and use that as the name.
Differences to 6.x approach
The key difference to the 6.x approach is the use of a single pattern instead of multiple SE Matchers. This improves the efficiency of a scan run and eliminates the chance of cross matching the same instance as different products.
Instead of creating a "Footprint" SI, the pattern identifies each unique running instance of the Apache based webserver, creates a single SI for it and then relates any other processes that are considered to be part of the running instance. This improves the accuracy of the scan and visualisation.
The pattern now also takes advantage of the ability to perform multiple steps and versioning techniques: rather than relying on the path, it now uses a version command to check which publisher produced the webserver.
Subject Matter Expertise
SME feedback has been incorporated from the 6.x matchers to ensure correct identification and versioning of the Software Instances. Further feedback would be appreciated if it could further improve Pattern accuracy and scope for identification and versioning of the products.
Testing
This pattern has been tested against installations of all possible product types that can be created across multiple platforms. Additional tests were performed against record data for other webservers to ensure that erroneous Software Instances were not created.
Information Sources
Open Issues
Created by: Nikola Vukovljak 15 November 2007
Reviewed by: Vineet Deshpande 21 June 2011
Updated by: Neha Kabra 20 June 2011
